topic SSL vulnerabilities in Splunk Enterprise

SSL vulnerabilities

Pooja1 — Wed, 29 Apr 2026 07:07:38 GMT

Hi Splunk,

Could you please help me to resolve the below mentioned vulnerability.

Synopsis

The remote service encrypts traffic using a protocol with known weaknesses.

Description

The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws, including:

- An insecure padding scheme with CBC ciphers.

- Insecure session renegotiation and resumption schemes.

An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients.

Although SSL/TLS has a secure means for choosing the highest supported version of the protocol (so that these versions will be used only if the client or server support nothing better), many web browsers implement this in an unsafe way that allows an attacker to downgrade a connection (such as in POODLE). Therefore, it is recommended that these protocols be disabled entirely.

NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.

Please provide me the steps to remediate this.

Thank you.

Re: SSL vulnerabilities

livehybrid — Wed, 29 Apr 2026 09:14:36 GMT

Hi @Pooja1

Do you have a reference or CVE for the vulnerabilities you are referring to?

Have you been able to establish that the vulnerability does actually affect/impact your environment, rather than just being picked up by an external vulnerability scanner?

What version of Splunk are you running?

🌟 Did this answer help you? If so, please consider:

Adding karma to show it was useful
Marking it as the solution if it resolved your issue
Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

Re: SSL vulnerabilities

Pooja1 — Wed, 29 Apr 2026 09:40:11 GMT

Hello @livehybrid,

No CVE number found for this vulnerability.

I'm not sure whether this vulnerability affect/impact our environment. However, these kind of vulnerbilities are triggered with the tenable scan.

Current Splunk version running on our servers is 9.1.X.

Thank you.

Re: SSL vulnerabilities

livehybrid — Wed, 29 Apr 2026 13:11:21 GMT

Hi @Pooja1

9.1.x went out of support nearly 12 months ago, therefore I think the best solution here is to update to the latest version of a supported 9.x or even 10.x release as these will have more up-to-date security patches.

🌟 Did this answer help you? If so, please consider:

Adding karma to show it was useful
Marking it as the solution if it resolved your issue
Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

Re: SSL vulnerabilities

richgalloway — Wed, 29 Apr 2026 13:14:28 GMT

Splunk has not supported SSL 2.0 or 3.0 for some time now. It only supports TLS 1.0, 1.1, and 1.2 with 1.2 being the recommended version. I'm curious about how Tenable was able to connect using an unsupported protocol.

Splunk 9.1.x is no longer supported so no fixes are forthcoming for that version. A supported version may contain a fix, but it's hard to know without a CVE number.

You may find mention of a fix at http://advisory.splunk.com

Re: SSL vulnerabilities

Pooja1 — Wed, 29 Apr 2026 13:23:46 GMT

Okay, got it.

Thank you for the help

Re: SSL vulnerabilities

Pooja1 — Wed, 29 Apr 2026 13:24:21 GMT

Hi @richgalloway,

Thank you for explaining about this.

Re: SSL vulnerabilities

inventsekar — Thu, 30 Apr 2026 11:45:15 GMT

Hi @Pooja1 may i ask few more details pls

1) are you using the "Tenable Add-On for Splunk", if yes, the version number pls

https://splunkbase.splunk.com/app/4060

2) are you using the Splunk Enterprise Security, if yes, the version number pls
3) may we know if there are any plans for Splunk upgrade in near future?
4) the above mentioned vulnerability, may we know where do you see this exactly?
between 2 regular app hosts or on the Splunk system itself..

----------------------------------------------------------------------------------------------
If this post or any post addressed your question, could you pls:
Give it karma to show appreciation

PS - As of Apr 2026, my Karma Given is 2290 and my Karma Received is 494, lets revamp the Karma Culture!
Thanks and best regards, Sekar
----------------------------------------------------------------------------------------------

Re: SSL vulnerabilities

PickleRick — Thu, 30 Apr 2026 19:32:12 GMT

Apart from what's been already said about upgrading, it's worth noting that at least some of those issues can be mitigated with proper configuration. See https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.0/secure-splunk-platform-communications-with-transport-layer-security-certificates/configure-ssl-and-tls-protocol-version-support-for-secure-connections-between-splunk-platform-instances

Re: SSL vulnerabilities

Pooja1 — Tue, 12 May 2026 07:37:54 GMT

Hi @inventsekar ,

1) are you using the "Tenable Add-On for Splunk", if yes, the version number pls
- Yes, 7.0.0

2) are you using the Splunk Enterprise Security, if yes, the version number pls
-Yes, 8.3.0 but its a different stack

3) may we know if there are any plans for Splunk upgrade in near future?
- We have upgraded to 9.4.10

4) the above mentioned vulnerability, may we know where do you see this exactly?
between 2 regular app hosts or on the Splunk system itself..
- Yes, its in Splunk server itself.

FYI - we have 3 differenent stack on Splunk Cloud for Splunk core, ES and ITSI.

HF's, DS, IHFs are on on-prem

Thank you.

Re: SSL vulnerabilities

Pooja1 — Tue, 12 May 2026 07:38:46 GMT

Hi @PickleRick ,

Thank for the details. Let me go through it.